Encryption Standards for Data In-Transit and Data At Rest

Please find the encryption details below:

  • In transit is TLS v. 1.2 with AWS's 2018 recommended ciphers;
  • Encrypted payload from cloud connector (within the TLS channel) uses AES-256 w/ customer encryption key; Each customer gets their own encryption key for in-transit encryption.
  • Same AES-256 encrypted payload is at rest (outside of the TLS channel) in S3, where the bucket is AES-256 encrypted with a different Clumio-managed encryption key;
  • customer encryption keys are rotated every 30 days;